Currently working as Cyber Security Lead, Royal Mail and Founder of Cybotify, Achal Lekhi, is a thorough professional with a strong academic background and hands on experience in several complex roles in different sectors. He possesses an excellent blend of technology capability, OT/IT awareness, network and Information security, risk and compliance with a detailed understanding and experience of implementing OT security Cybersecurity Standards. His interests lie in enhancing and automating Manufacturing and Operational environments (IACS, IIOT, IOT) with a security mindset.

In an interview with Eventible, Achal speaks about his journey so far, information security, common cyber security threats, and his approach to overcoming challenges, among other things. So what are we waiting for? Let’s get started.

• We believe that everyone has a story to tell. What has your journey been like? Tell us about your story. 

My journey in Cyber hasn’t been simple. I started my career as a program developer, and I think that has always helped me in the cyber world as I am very binary, i.e., it’s either true or false.  It’s been going great so far; I am helping clients across the globe to achieve digital transformation by keeping security at the forefront. “Security” is a creature of habit who believes in homeostasis. Security likes things to stay the same, and evolution is about change hence it’s a battle between security and changes that keeps professionals like us awake and focused. 

• Why do you think it’s essential for companies to worry about information security, and what should they do about it?

I always say know the demons in your data, i.e. when selecting a specific technology layer, consider the data sources the system needs to source, the existing enterprise analysis and visualization tools already in place, the entire user community needs, and the client hardware platforms that will require support. This will eventually bring data democracy, i.e., provide data access in the proper context when and where it’s needed.

• What are the biggest cyber security threats right now?

The advancement in technology, where everything is available as a service, makes attacks using sophisticated tools and tactics to target industries quite frequent. Hence the most significant threat is technology which is also the biggest solution to security. 

• What, according to you, is the future of cyber security? What is the one thing that must improve in this field moving forward to maximize value?

We are moving to a digital era where there will be a relationship between “man and machine,” otherwise known as mabots- the groundwork for human/machine collaboration and machine-to-machine collaboration and connectivity between the plant, logistics, supply chain management, and the end user. Digital integration now promises to connect all stakeholders under a common platform. We need to focus on utilising an efficient workforce of machines and people in synergy with the environment.

• How has the COVID-19 pandemic changed the way we work today? What trends do you see coming into force after the pandemic?

COVID-19 has enabled people to take control of their digital journey, but this has also enabled new challenges to the cyber industries as the new normal has increased the attack surface, which was previously restricted to the office location. Now, it can be anywhere in the world. The most significant change we need to bring is 1) awareness not just on an individual level but on an industry-wide level and 2) Manage risk exposure, i.e., to organise and link together the various risk disciplines (e.g., cybersecurity, operational risks, business continuity etc.).

• What do you believe is the biggest challenge in the cybersecurity industry today?

I consider Security’s 4 key elements: Design, Technology, People, and Processes as the biggest challenges in the cybersecurity industry today. I like to call it Security Tetrahedron. All these are the biggest challenge in the cybersecurity industry, as you can’t achieve success in one without the other, and it’s important for the industries to keep all these together when thinking about security. 

• What factors, professional and personal, drive you as a leader? What keeps you going?

No problem in the world does not have a solution. If you can’t find the solution, and if you can’t find a solution, it simply means that you are not looking for it in the right place.
 

Personally, I tell everyone that your family should always come first. You can return to your professional goals tomorrow, but don’t let that overcome your personal objectives. 

• What has been your key takeaway from IoT Tech Expo 2022?

Great collaboration across Europe and UK, and a great question everyone was after– why should CISOs and CIOs consider implementing a zero-trust approach to cybersecurity?

• This year we see the comeback of many in-person events. What is your take on in-person events? Do you prefer them over hybrid or virtual?

Hybrid is good. 

•  Eventible.com is a review platform catering to B2B events. Given how review-driven our lives have become today, will reviews bring a level of transparency to the events industry? Would you rely on event reviews from other speakers if you had to make a speaking decision?   

Absolutely, I think having the reflection of any event matters, and it’s even more if it’s coming from speakers’ point of view.